Abstract: A discovery agent is running on a node within the network group. The network group is shielded from an administrative system by a communication limiting device. The communication limiting device prevents the administrative system from detecting nodes within the network group. The communication limiting device, however, does not prevent the node running the discovery agent from identifying other nodes within the network group. The discovery agent detects one or more nodes within the network group and transmits data identifying these nodes to the administrative system. Accordingly, the administrative system may identify and manage the newly detected nodes using a management agent installed on the nodes.

Abstract: An exemplary method involves receiving a request to monitor a resource within a computer system. The request may be a monitoring resource request or a configuration request. A plurality of requests may be received and collected in a collector. The method also involves selecting a monitoring process from a plurality of monitoring processes and forwarding the request to the selected monitoring process. The capabilities of each monitoring process within the plurality of monitoring processes are registered with the collector. The method further involves enabling the selected monitoring process to terminate after execution of the request.

Abstract: A computing device configured for filtering a data set is described. The computing device includes a processor and executable instructions stored in memory that is in electronic communication with the processor. The computing device obtains a data set. The computing device also selects nodes from multiple trees to produce a node selection. The computing device further generates a composite filter based on the node selection. The computing device additionally filters the data set based on the composite filter to produce a working data set.

Abstract: A method and system for authenticating credentials for management of a client is disclosed. The credentials are provided to a verification application. The credentials are authenticated to an authentication application. A connection between the authentication application and a security server is established. An authenticator is invoked. Administrative rights associated with the credentials are verified. An authentication certificate indicating the administrative rights is sent to the client.

Abstract: A package deployment manager on an administrative system deploys a dependent software package to a plurality of target nodes. The package deployment manager also identifies one or more dependencies of the dependent software package. For each dependency that is identified, the package deployment manager determines which of the plurality of target nodes already have the dependency installed, and deploys the dependency only to the target nodes that do not already have the dependency installed.

Abstract: In an exemplary embodiment, an out-of-band management stack that is located on a managed node receives at least one management command from an out-of-band management application that is located on an administrative system. A monitoring agent on the managed node obtains the at least one management command. For example, the out-of-band management stack may forward the at least one management command to the monitoring agent. Alternatively, the out-of-band management stack may write the at least one management command to a designated location on the managed node, and the monitoring agent may read the at least one management command from the designated location. In response to obtaining the at least one management command, the monitoring agent processes and carries out the at least one management command.

Abstract: A method for establishing trusted communication between a client and a server is described. The method is implemented by a computer system. A response is received from a first server. An internet protocol address of the first server is compared with at least one internet protocol address within a list. The response is validated if the internet protocol address of the first server is included within the list. Trusted communication is established between the client and the first server. The trusted communication includes assigning an internet protocol address provided by the response to the client.

Abstract: Systems and methods for protecting sensitive files from unauthorized access are disclosed. An exemplary method involves detecting a connection of the computing device to an electronic device. An authorized connection list is accessed. It is then determined whether the connection is identified in the authorized connection list. If the connection is not identified in the authorized connection list, the method involves accessing sensitive file information which identifies at least one sensitive file stored on the computing device, and preventing access to the at least one sensitive file identified by the sensitive file information.

Abstract: An exemplary method involves an SSL server receiving an SSL session request from an SSL client. It is determined whether the SSL client is going to use certificate-based authentication. This may involve identifying a port at which the SSL session request was received. Alternatively, this may involve identifying an IP address at which the SSL session request was received. Alternatively still, this may involve examining authentication information in the SSL session request. If the SSL client is going to use certificate-based authentication, a certificate is requested from the SSL client. If the SSL client is not going to use certificate-based authentication, the certificate is not requested from the SSL client.

Abstract: In an exemplary method, a resident agent receives multiple requests from one or more requesting processes for connections to services. The requested services are hosted by a fast service host. The resident agent establishes multiple connections to the one or more requesting processes for the requested services. The resident agent notifies a single instance of a fast service host of the multiple connections. The resident agent facilitates communication between the requested services on the fast service host and the one or more requesting processes. This may involve establishing one or more routing connections to the fast service host, and routing data between the one or more requesting processes and the requested services on the fast service host.

Abstract: Systems and methods for updating distributed network inventory services are disclosed. A network or a portion thereof is scanned to identify at least one computing asset within the scanned portion. A scan file is compiled based on the information obtained. A first inventory service is updated based on the scan file. A second inventory service is identified. The scan file is transmitted to the second inventory service, and the second inventory service is updated based on the scan file. In one embodiment, the inventory services are selectively updated based on specific types of data, such as hardware or software inventory data, within the scan file. In addition, a specialized database management system may be used to enable data gathering techniques specific to inventory data.

Abstract: At least one node in the network is assigned to a first deployment group and at least one other node in the network is assigned to a second deployment group. A set of distribution criteria specifies a triggering event which must occur before a software package is deployed to the second deployment group. The software package is deployed to at least one node within the first deployment group. Distribution of the software package to at least one node within the second deployment group is deferred until after the triggering event has occurred.

Abstract: A method for quarantining a node from other nodes in a network is described. A node is scanned to obtain a health posture of the node by determining if the node is compliant with one or more requirements. A current policy in accordance with the obtained health posture of the node is obtained. A previous policy is removed. If the node is determined to be non-compliant, a key that is unique to the non-compliant node is selected. The current policy is applied.

Abstract: In an exemplary method that is performed by a first computer system, one or more file blocks are identified within a target file. The one or more file blocks comprise a desired portion of the target file. At least one file block is downloaded from a second computer system. However, the entire target file is not downloaded. A previously calculated validation value is received for a file block that has been downloaded. A new validation value is calculated for the downloaded file block. If the new validation value for the file block does not match the previously calculated validation value for the file block, the file block is discarded.

Abstract: In an exemplary embodiment, a deployment program on an administrative system receives user input to deploy target software to the managed nodes in a recipient group. In response, the deployment program identifies a pilot group to test the target software. The pilot group comprises a subset of the recipient group. Each managed node in the pilot group has a unique combination of N attributes. The deployment program deploys the target software to the pilot group prior to deploying the target software to other managed nodes in the recipient group that are not part of the pilot group.

Abstract: A method for managing a computer over a network is disclosed. The method may be implemented by a resident agent on the network. A connection between the resident agent and a sending application may be opened. Application data may be received from the sending application by the resident agent. A header may be received from the sending application by the resident agent. Whether a data package should be sent directly to a receiving application or whether the data package should be sent through a gateway may be determined. If it is determined that the data package should be sent directly to a receiving application, the data package may be sent directly to the receiving application. If it is determined that the data package should be sent through the gateway, the data package may be sent through the gateway.

Abstract: A system for managing a local cache that is part of a distributed cache is disclosed. The system includes a computing device. The computing device includes or is in electronic communication with a computer-readable medium. The computer-readable medium includes executable instructions for implementing a method for managing a local cache that is part of a distributed cache. In the method the local cache that is part of the distributed cache is identified. The local cache has a plurality of local files. Remote cache information is requested from a plurality of peers. The remote cache information is received. The remote cache information includes a file list identifying files in one or more remote caches. A priority is determined for each file of the plurality of local files based on the remote cache information. A local cache reduction operation is started that uses the priority to determine whether a local file is deleted.